ViciBox v.9.0.0 missing certbot configuration files

Support forum for the ViciBox ISO Server Install and ISO LiveCD Demo

Moderators: enjay, williamconley, Staydog, mflorell, MJCoate, mcargile, Kumba

ViciBox v.9.0.0 missing certbot configuration files

Postby Kumba » Fri Oct 11, 2019 6:13 pm

Apparently OpenSuSE has broken the certbot package and installs it without the correct configuration files. I've had reports that just copying over the config files from ViciBox v.8.1 will fix it. So here are those config files and some instructions to install them:

1) cd /root
2) wget http://download.vicidial.com/vicibox/vi ... nfs.tar.xz
3) cd /etc
4) tar -xf /root/vicibox9-certbotconfs.tar.xz
5) ln -s certbot letsencrypt

In theory that should fully restore certbot functionality for the vicibox-certbot script. If you test this please give feed back here like it worked or it didn't work and any error messages you found. If it works just fine it will be rolled into ViciBox v.9.0.1
Kumba
 
Posts: 939
Joined: Tue Oct 16, 2007 11:44 pm
Location: Florida

Re: ViciBox v.9.0.0 missing certbot configuration files

Postby Kumba » Mon Oct 14, 2019 5:41 pm

Unless anyone posts otherwise I will include these config files in ViciBox v.9.0.1 and release that this Friday.
Kumba
 
Posts: 939
Joined: Tue Oct 16, 2007 11:44 pm
Location: Florida

Re: ViciBox v.9.0.0 missing certbot configuration files

Postby alo » Thu Dec 26, 2019 12:48 am

Using Vicibox 9.0.1 I am having trouble running Certbot.

VM22vb9:~ # vicibox-certbot
Certbot binary not installed at /usr/bin/certbot

I did try the above although I assumed that was already added to 9.0.1

Any Idea what I am doing wrong?
alo
 
Posts: 187
Joined: Wed Jun 20, 2012 10:21 am

Re: ViciBox v.9.0.0 missing certbot configuration files

Postby alo » Fri Dec 27, 2019 12:21 pm

I think there is supposed to be a file at /usr/bin/certbot.

I tried taking one from vicibox8 and it let me run the script but gave me others errors.

Anyone know If I missed something here?
alo
 
Posts: 187
Joined: Wed Jun 20, 2012 10:21 am

Re: ViciBox v.9.0.0 missing certbot configuration files

Postby lutrera » Sun Dec 29, 2019 9:43 am

Hello team,

Just installed v.9.0.1 and the command vicibox-certbot is still not working. I am getting the following error:

/var/log # vicibox-certbot
Certbot binary not installed at /usr/bin/certbot

Has this been corrected on this version? Is there a missing step?

Thanks in advance for all your help.
lutrera
 
Posts: 6
Joined: Fri Jul 19, 2013 9:03 pm

Re: ViciBox v.9.0.0 missing certbot configuration files

Postby alo » Mon Dec 30, 2019 9:58 am

I am still getting that same error too.
alo
 
Posts: 187
Joined: Wed Jun 20, 2012 10:21 am

Re: ViciBox v.9.0.0 missing certbot configuration files

Postby alo » Thu Jan 02, 2020 10:47 am

Hey Luterra, did you happen to find a solution here? Still looking myself...
alo
 
Posts: 187
Joined: Wed Jun 20, 2012 10:21 am

Re: ViciBox v.9.0.0 missing certbot configuration files

Postby lutrera » Fri Jan 03, 2020 5:44 pm

alo wrote:Hey Luterra, did you happen to find a solution here? Still looking myself...


Not yet, Still looking to resolved. If I find a solution I will post it here.
lutrera
 
Posts: 6
Joined: Fri Jul 19, 2013 9:03 pm

Re: ViciBox v.9.0.0 missing certbot configuration files

Postby alo » Tue Jan 07, 2020 10:46 am

I wonder if other people are seeing this error too or if we are just doing something wrong.
alo
 
Posts: 187
Joined: Wed Jun 20, 2012 10:21 am

Re: ViciBox v.9.0.0 missing certbot configuration files

Postby Acidshock » Sun Jan 12, 2020 9:54 pm

run

Code: Select all
zypper in python3-certbot


That will install the certbot binary.
VERSION: 2.14-698a | BUILD: 190207-2301 | Asterisk:13.24.1-vici | Vicibox 8.1.2
Acidshock
 
Posts: 428
Joined: Wed Mar 03, 2010 3:19 pm

Re: ViciBox v.9.0.0 missing certbot configuration files

Postby Acidshock » Sun Jan 12, 2020 11:08 pm

Just realized that client isnt ACME2 compatible. I recommend you do the following:

run this:

Code: Select all
zypper in socat
wget -O -  https://get.acme.sh | sh



Then create this script and run it. Syntax is -e some@email.com -d vicidial.testdomain.com

Code: Select all
#!/bin/bash

while getopts ":e:d:" options; do
    case "${options}" in
        e)
           EMAIL=${OPTARG} ;;
        d)
      DOMAIN=${OPTARG} ;;
        :) echo "Error: -${OPTARG} requires an argument."; exit 1;;
        *) echo "Internal error!" ; exit 1 ;;
    esac
done

if [ -z "$EMAIL" ]
then
   echo "Missing -e Email option!"
   exit 1
fi
if [ -z "$DOMAIN" ]
then
   echo "Missing -d Domain option!"
   exit 1
fi

mkdir /etc/certbot/live/$DOMAIN
/root/.acme.sh/acme.sh --issue -d $DOMAIN -w /srv/www/htdocs/ --cert-file /etc/certbot/live/$DOMAIN/cert.pem --key-file /etc/certbot/live/$DOMAIN/privkey.pem --fullchain-file /etc/certbot/live/$DOMAIN/fullchain.pem --accountemail $EMAIL

sed -i "/SSLCertificateFile/c\\\tSSLCertificateFile /etc/certbot/live/$DOMAIN/cert.pem" /etc/apache2/vhosts.d/1111-default-ssl.conf
sed -i "/SSLCertificateKeyFile/c\\\tSSLCertificateKeyFile /etc/certbot/live/$DOMAIN/privkey.pem" /etc/apache2/vhosts.d/1111-default-ssl.conf
sed -i "/SSLCACertificateFile/c\\\tSSLCACertificateFile /etc/certbot/live/$DOMAIN/fullchain.pem" /etc/apache2/vhosts.d/1111-default-ssl.conf
sed -i "/tlscertfile=/c\\tlscertfile=/etc/certbot/live/$DOMAIN/cert.pem" /etc/asterisk/http.conf
sed -i "/tlsprivatekey=/c\\tlsprivatekey=/etc/certbot/live/$DOMAIN/privkey.pem" /etc/asterisk/http.conf
/usr/sbin/rasterisk -x 'module reload http'
/sbin/service apache2 restart

echo "  If this is a telephony server you will need to modify the 'Web Socket URL'"
echo "  field for this server under the Admin --> Servers section. It will need to be"
echo "  changed to :"
echo "    wss://$DOMAIN:8089/ws"
echo
echo "  You will also need to modify the 'webRTC' template under the Admin --> Templates"
echo "  section. You want to change the following options under the "
echo "  'Template Contents' :"
echo "    dtlscertfile=/etc/certbot/live/$DOMAIN/cert.pem"
echo "    dtlsprivatekey=/etc/certbot/live/$DOMAIN/privkey.pem"

VERSION: 2.14-698a | BUILD: 190207-2301 | Asterisk:13.24.1-vici | Vicibox 8.1.2
Acidshock
 
Posts: 428
Joined: Wed Mar 03, 2010 3:19 pm

Re: ViciBox v.9.0.0 missing certbot configuration files

Postby IanGP » Mon Feb 17, 2020 11:06 am

Hi Acidshock,
Thanks for this.

Getting most of the way there, but the script doesn't create fullchain.pem.

Any ideas?

Thanks
IanGP
IanGP
 
Posts: 57
Joined: Thu Jul 28, 2016 1:27 am

Re: ViciBox v.9.0.0 missing certbot configuration files

Postby dspaan » Sun Feb 23, 2020 8:19 am

Hi Acidshock, thanks for the commands and script. I'm getting some errors when i run the script. Below i replaced my domain with vicidial.testdomain.com:

testhost:/opt # ./ssl.sh -e some@email.com -d vicidial.testdomain.com
[Sun Feb 23 13:50:01 CET 2020] Create account key ok.
[Sun Feb 23 13:50:01 CET 2020] Registering account
[Sun Feb 23 13:50:03 CET 2020] Registered
[Sun Feb 23 13:50:03 CET 2020] ACCOUNT_THUMBPRINT='KNgA6G-ytHlwJ5KMVbfXccqazt0e8Lnx7gwAv8zhRKc'
[Sun Feb 23 13:50:03 CET 2020] Creating domain key
[Sun Feb 23 13:50:03 CET 2020] The domain key is here: /root/.acme.sh/vicidial.testdomain.com/vicidial.testdomain.com.key
[Sun Feb 23 13:50:03 CET 2020] Single domain='vicidial.testdomain.com'
[Sun Feb 23 13:50:03 CET 2020] Getting domain auth token for each domain
[Sun Feb 23 13:50:06 CET 2020] Getting webroot for domain='vicidial.testdomain.com'
[Sun Feb 23 13:50:06 CET 2020] Verifying: vicidial.testdomain.com
[Sun Feb 23 13:50:10 CET 2020] Success
[Sun Feb 23 13:50:10 CET 2020] Verify finished, start to sign.
[Sun Feb 23 13:50:10 CET 2020] Lets finalize the order, Le_OrderFinalize: https://acme-v02.api.letsencrypt.org/ac ... 2421054695
[Sun Feb 23 13:50:12 CET 2020] Download cert, Le_LinkCert: https://acme-v02.api.letsencrypt.org/ac ... ac33691ed0
[Sun Feb 23 13:50:12 CET 2020] Cert success.
-----BEGIN CERTIFICATE-----
**redacted**
-----END CERTIFICATE-----
[Sun Feb 23 13:50:12 CET 2020] Your cert is in /root/.acme.sh/vicidial.testdomain.com/vicidial.testdomain.com.cer
[Sun Feb 23 13:50:12 CET 2020] Your cert key is in /root/.acme.sh/vicidial.testdomain.com/vicidial.testdomain.com.key
[Sun Feb 23 13:50:12 CET 2020] The intermediate CA cert is in /root/.acme.sh/vicidial.testdomain.com/ca.cer
[Sun Feb 23 13:50:12 CET 2020] And the full chain certs is there: /root/.acme.sh/vicidial.testdomain.com/fullchain.cer
[Sun Feb 23 13:50:12 CET 2020] Installing cert to:/etc/certbot/live/vicidial.testdomain.com/cert.pem
./ssl.sh: line 27: /etc/certbot/live/vicidial.testdomain.com/privkey.pem: No such file or directory
sed: no input files
./ssl.sh: line 31: /etc/apache2/vhosts.d/1111-default-ssl.conf: Permission denied
sed: no input files
./ssl.sh: line 33: /etc/apache2/vhosts.d/1111-default-ssl.conf: Permission denied
Module 'http' reloaded successfully.
Job for apache2.service failed because the control process exited with error code.
See "systemctl status apache2.service" and "journalctl -xe" for details.
If this is a telephony server you will need to modify the 'Web Socket URL'
field for this server under the Admin --> Servers section. It will need to be
changed to :
wss://vicidial.testdomain.com:8089/ws

You will also need to modify the 'webRTC' template under the Admin --> Templates
section. You want to change the following options under the
'Template Contents' :
dtlscertfile=/etc/certbot/live/vicidial.testdomain.com/cert.pem
dtlsprivatekey=/etc/certbot/live/vicidial.testdomain.com/privkey.pem
Regards, Dennis

Vicibox 9.0.1
Version: 2.14b0.5
SVN Version: 3199
DB Schema Version: 1588
Build: 200310-1801
dspaan
 
Posts: 1374
Joined: Fri Aug 21, 2009 1:40 pm
Location: The Netherlands

Re: ViciBox v.9.0.0 missing certbot configuration files

Postby elondoninc » Wed Feb 26, 2020 2:42 pm

Acidshock wrote:Just realized that client isnt ACME2 compatible. I recommend you do the following:

run this:

Code: Select all
zypper in socat
wget -O -  https://get.acme.sh | sh



Then create this script and run it. Syntax is -e some@email.com -d vicidial.testdomain.com

Code: Select all
#!/bin/bash

while getopts ":e:d:" options; do
    case "${options}" in
        e)
           EMAIL=${OPTARG} ;;
        d)
      DOMAIN=${OPTARG} ;;
        :) echo "Error: -${OPTARG} requires an argument."; exit 1;;
        *) echo "Internal error!" ; exit 1 ;;
    esac
done

if [ -z "$EMAIL" ]
then
   echo "Missing -e Email option!"
   exit 1
fi
if [ -z "$DOMAIN" ]
then
   echo "Missing -d Domain option!"
   exit 1
fi

mkdir /etc/certbot/live/$DOMAIN
/root/.acme.sh/acme.sh --issue -d $DOMAIN -w /srv/www/htdocs/ --cert-file /etc/certbot/live/$DOMAIN/cert.pem --key-file /etc/certbot/live/$DOMAIN/privkey.pem --fullchain-file /etc/certbot/live/$DOMAIN/fullchain.pem --accountemail $EMAIL

sed -i "/SSLCertificateFile/c\\\tSSLCertificateFile /etc/certbot/live/$DOMAIN/cert.pem" /etc/apache2/vhosts.d/1111-default-ssl.conf
sed -i "/SSLCertificateKeyFile/c\\\tSSLCertificateKeyFile /etc/certbot/live/$DOMAIN/privkey.pem" /etc/apache2/vhosts.d/1111-default-ssl.conf
sed -i "/SSLCACertificateFile/c\\\tSSLCACertificateFile /etc/certbot/live/$DOMAIN/fullchain.pem" /etc/apache2/vhosts.d/1111-default-ssl.conf
sed -i "/tlscertfile=/c\\tlscertfile=/etc/certbot/live/$DOMAIN/cert.pem" /etc/asterisk/http.conf
sed -i "/tlsprivatekey=/c\\tlsprivatekey=/etc/certbot/live/$DOMAIN/privkey.pem" /etc/asterisk/http.conf
/usr/sbin/rasterisk -x 'module reload http'
/sbin/service apache2 restart

echo "  If this is a telephony server you will need to modify the 'Web Socket URL'"
echo "  field for this server under the Admin --> Servers section. It will need to be"
echo "  changed to :"
echo "    wss://$DOMAIN:8089/ws"
echo
echo "  You will also need to modify the 'webRTC' template under the Admin --> Templates"
echo "  section. You want to change the following options under the "
echo "  'Template Contents' :"
echo "    dtlscertfile=/etc/certbot/live/$DOMAIN/cert.pem"
echo "    dtlsprivatekey=/etc/certbot/live/$DOMAIN/privkey.pem"




This worked perfectly on Vicibox 9.0.1! Thanks for this!
ViciBox_v.8.0.1 Vicidial VERSION: 2.14-632a BUILD: 170930-0853 Asterisk 11.25.3-vici DB: 2 x Xeon E5520 Quad Core 24GB DDR 3 ECC 2 x 160GB SSD Web,10 Telephonies, (11 Servs ) Xeon X3450 Quad Core - 2.66Ghz 2x147GB SAS 15K Intel Core 2 Quad 8gb DDR2
elondoninc
 
Posts: 14
Joined: Sun May 22, 2016 5:27 pm

Re: ViciBox v.9.0.0 missing certbot configuration files

Postby Acidshock » Mon Mar 09, 2020 12:20 am

Sorry guys. Just saw these posts. Anyone still having problems with it? You are using a live domain right? Not using vicidial.testdomain.com
VERSION: 2.14-698a | BUILD: 190207-2301 | Asterisk:13.24.1-vici | Vicibox 8.1.2
Acidshock
 
Posts: 428
Joined: Wed Mar 03, 2010 3:19 pm

Re: ViciBox v.9.0.0 missing certbot configuration files

Postby dspaan » Mon Mar 09, 2020 2:50 am

I didn't get it to work with the instructions in this thread. I hired a tech guy from Lets encrypt forums to help me out and setup a customized script i can re-use.
Regards, Dennis

Vicibox 9.0.1
Version: 2.14b0.5
SVN Version: 3199
DB Schema Version: 1588
Build: 200310-1801
dspaan
 
Posts: 1374
Joined: Fri Aug 21, 2009 1:40 pm
Location: The Netherlands

Re: ViciBox v.9.0.0 missing certbot configuration files

Postby byteme2000 » Thu Mar 12, 2020 3:29 pm

I'm doing a test install of the ViciBox v9 install before going into production. I finally got SSL configured and appears to be working fine.

My question is, since this is different than before, what do I put into the Crontab so that it runs the update every month.

Thanks
ViciBox ISO 7.0.4 64bit | ViciDial Version: 2.14-689a Build: 180922-0958 Asterisk: 1.8.31.0-vici| Multi Server 4 Dialers / 1 DB-Web Server | Amfeltec Timers | No extra software after install | Using Vicidial since 6/2013
byteme2000
 
Posts: 43
Joined: Mon Apr 08, 2013 12:31 pm

Re: ViciBox v.9.0.0 missing certbot configuration files

Postby Acidshock » Sat Mar 14, 2020 10:59 am

If you did the script above there should already be a crontab entry in place.
VERSION: 2.14-698a | BUILD: 190207-2301 | Asterisk:13.24.1-vici | Vicibox 8.1.2
Acidshock
 
Posts: 428
Joined: Wed Mar 03, 2010 3:19 pm

Re: ViciBox v.9.0.0 missing certbot configuration files

Postby byteme2000 » Mon Mar 16, 2020 10:58 am

Thank you very much. Yes it is there.
ViciBox ISO 7.0.4 64bit | ViciDial Version: 2.14-689a Build: 180922-0958 Asterisk: 1.8.31.0-vici| Multi Server 4 Dialers / 1 DB-Web Server | Amfeltec Timers | No extra software after install | Using Vicidial since 6/2013
byteme2000
 
Posts: 43
Joined: Mon Apr 08, 2013 12:31 pm

Re: ViciBox v.9.0.0 missing certbot configuration files

Postby Alfio » Wed Mar 25, 2020 1:08 pm

Acidshock wrote:Just realized that client isnt ACME2 compatible. I recommend you do the following:

run this:

Code: Select all
zypper in socat
wget -O -  https://get.acme.sh | sh



Then create this script and run it. Syntax is -e some@email.com -d vicidial.testdomain.com

Code: Select all
#!/bin/bash

while getopts ":e:d:" options; do
    case "${options}" in
        e)
           EMAIL=${OPTARG} ;;
        d)
      DOMAIN=${OPTARG} ;;
        :) echo "Error: -${OPTARG} requires an argument."; exit 1;;
        *) echo "Internal error!" ; exit 1 ;;
    esac
done

if [ -z "$EMAIL" ]
then
   echo "Missing -e Email option!"
   exit 1
fi
if [ -z "$DOMAIN" ]
then
   echo "Missing -d Domain option!"
   exit 1
fi

mkdir /etc/certbot/live/$DOMAIN
/root/.acme.sh/acme.sh --issue -d $DOMAIN -w /srv/www/htdocs/ --cert-file /etc/certbot/live/$DOMAIN/cert.pem --key-file /etc/certbot/live/$DOMAIN/privkey.pem --fullchain-file /etc/certbot/live/$DOMAIN/fullchain.pem --accountemail $EMAIL

sed -i "/SSLCertificateFile/c\\\tSSLCertificateFile /etc/certbot/live/$DOMAIN/cert.pem" /etc/apache2/vhosts.d/1111-default-ssl.conf
sed -i "/SSLCertificateKeyFile/c\\\tSSLCertificateKeyFile /etc/certbot/live/$DOMAIN/privkey.pem" /etc/apache2/vhosts.d/1111-default-ssl.conf
sed -i "/SSLCACertificateFile/c\\\tSSLCACertificateFile /etc/certbot/live/$DOMAIN/fullchain.pem" /etc/apache2/vhosts.d/1111-default-ssl.conf
sed -i "/tlscertfile=/c\\tlscertfile=/etc/certbot/live/$DOMAIN/cert.pem" /etc/asterisk/http.conf
sed -i "/tlsprivatekey=/c\\tlsprivatekey=/etc/certbot/live/$DOMAIN/privkey.pem" /etc/asterisk/http.conf
/usr/sbin/rasterisk -x 'module reload http'
/sbin/service apache2 restart

echo "  If this is a telephony server you will need to modify the 'Web Socket URL'"
echo "  field for this server under the Admin --> Servers section. It will need to be"
echo "  changed to :"
echo "    wss://$DOMAIN:8089/ws"
echo
echo "  You will also need to modify the 'webRTC' template under the Admin --> Templates"
echo "  section. You want to change the following options under the "
echo "  'Template Contents' :"
echo "    dtlscertfile=/etc/certbot/live/$DOMAIN/cert.pem"
echo "    dtlsprivatekey=/etc/certbot/live/$DOMAIN/privkey.pem"



Hi, I tried all the steps but when running the script it failed creating the fullchain.pem, and after that apache2 dosent start. Do you have any workaround about that, thanks in advanced.
Alfio
 
Posts: 22
Joined: Mon May 26, 2008 10:46 am

Re: ViciBox v.9.0.0 missing certbot configuration files

Postby GenXOutsourcing » Mon Apr 13, 2020 12:51 pm

Just did a fresh install, and have yet to be able to get the Certbot to work. The ISO was just downloaded a few days ago.

Have tried several of the above fixes, and no luck. Any update on making this work out of the box?
Built too many to count, Centos7 Scratch install, Opensuse Scratch install, Centos8 Scratch install, etc.
Dual 8 core/32gb RAM/500gb SSDs
SVN Version:3440
VERSION: 2.14-812a
genxoutsourcing.com
GenXOutsourcing
 
Posts: 120
Joined: Sun Sep 22, 2019 12:53 am

Re: ViciBox v.9.0.0 missing certbot configuration files

Postby rameez.amjad4 » Tue Apr 14, 2020 9:51 pm

Hello Dear,
I did run this command as mentioned:

" CODE: SELECT ALL
zypper in socat
wget -O - https://get.acme.sh | sh "

bur i want to know how do i???

Then create this script and run it. Syntax is -e some@email.com -d vicidial.testdomain.com

What is command to create a script afterwards mentioned in the post , please help, Thanks.
rameez.amjad4
 
Posts: 91
Joined: Wed Oct 03, 2018 1:23 pm

Re: ViciBox v.9.0.0 missing certbot configuration files

Postby Kumba » Thu Apr 16, 2020 5:42 pm

The vicibox-certbot script has been reworked and fixed in ViciBox v.9.0.2. It also does the database inserts for you now. All you need to do is make sure you have a working domain name that properly reaches apache on your server.
Kumba
 
Posts: 939
Joined: Tue Oct 16, 2007 11:44 pm
Location: Florida


Return to ViciBox Server Install and Demo

Who is online

Users browsing this forum: No registered users and 65 guests